mahasinsaif.banouta.net/t3-topic
178.33.43.178301 Moved Permanently 0 B URL HTTP/1.1 mahasinsaif.banouta.net/t3-topic
IP 178.33.43.178:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t3-topic HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 21:59:20 GMT
Content-Length: 0
Location: https://mahasinsaif.banouta.net/t3-topic
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10736
Expires: Mon, 05 Dec 2022 00:58:16 GMT
Date: Sun, 04 Dec 2022 21:59:20 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6438
Cache-Control: max-age=137954
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 12:18:35 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6693
Expires: Sun, 04 Dec 2022 23:50:54 GMT
Date: Sun, 04 Dec 2022 21:59:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 21:18:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2457
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e6Bw3d31x2xvq5Z6qXBTAeaJtmc/qPm8fVkfkB7PmZ1cRorgQMZCc/WOoghaN/lYM3/MI5wKI2Q=
x-amz-request-id: DF9KXXXGE7590P4S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 21:47:08 GMT
age: 733
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e42d13f47e297565238788c921eeb3fe
f34388c1d3e0a38709411a273e1a977c21a66705
52742f508d58a4d741b7b7734c6696e8c15b51b8482e8a0d1188bd30fcfc6c48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52742F508D58A4D741B7B7734C6696E8C15B51B8482E8A0D1188BD30FCFC6C48"
Last-Modified: Sat, 03 Dec 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21508
Expires: Mon, 05 Dec 2022 03:57:49 GMT
Date: Sun, 04 Dec 2022 21:59:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 21:11:19 GMT
cache-control: public,max-age=3600
age: 2882
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6426
Cache-Control: max-age=132876
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:53:57 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1500
Cache-Control: max-age=115358
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:01:59 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1500
Cache-Control: max-age=115358
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:01:59 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5674
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Last-Modified: Sun, 04 Dec 2022 20:24:47 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
216.58.207.234200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP 216.58.207.234:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 18:40:06 GMT
expires: Wed, 29 Nov 2023 18:40:06 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 443955
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6414
Cache-Control: max-age=93290
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638bc895-118"
Expires: Mon, 05 Dec 2022 23:54:11 GMT
Last-Modified: Sat, 03 Dec 2022 22:07:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2899
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638bc895-118"
Last-Modified: Sun, 04 Dec 2022 21:11:02 GMT
Server: ECS (amb/6BB6)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 81b4d5cf042f5a919ebe8d75b97c3a25
cc17f00660238f9033eb3b715562999f5b8b58d3
b2c58906fca9fec5cf5ae5ee89db3d14e53e99514b361835c99353d3d902bd2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3220
Cache-Control: max-age=159204
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638cd689-2d7"
Expires: Tue, 06 Dec 2022 18:12:45 GMT
Last-Modified: Sun, 04 Dec 2022 17:19:05 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 727
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 1c5a280d130588f4098f759d4606e5b7
6ee703f50768d46afbe70cc014963ff56b8a04a3
0e44cc312aad8320de54cb8c8438ea503090c3b61b7240d2b466b8ef9ac704a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6308
Cache-Control: max-age=91744
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638bc2f5-138"
Expires: Mon, 05 Dec 2022 23:28:25 GMT
Last-Modified: Sat, 03 Dec 2022 21:43:17 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 312
www.googletagmanager.com/gtag/js?id=UA-144347007-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 7394f5efc2066edb47c804c2c4761abe
b4cb6023843f40023aa6362ba284c20fe755a2cb
83ecc8534e141da3c4d489b95c5cf128c6258780520fbfb5c5482ab53adcdbb6
GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 21:59:21 GMT
expires: Sun, 04 Dec 2022 21:59:21 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43635
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mahasinsaif.banouta.net/0-rtl.css
94.23.159.185200 OK 55 kB URL HTTP/2 mahasinsaif.banouta.net/0-rtl.css
IP 94.23.159.185:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 381c82b46a7a0132c79b3d1a5f79ef65
1cef0f49d7114f3ae5bae00e7f1860f89e6013e7
950a073387a526d6217821075cdbb709f8737beef0bfded67bd3d440a8acf09d
GET /0-rtl.css HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/t3-topic
Cookie: exadd=167020
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: text/css
content-length: 54736
last-modified: Sun, 04 Dec 2022 00:00:00 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1500
Cache-Control: max-age=115358
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:21 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:01:59 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
2img.net/i/fa/prosilver_grey/icon_gallery.gif
104.21.235.175200 OK 158 B URL HTTP/2 2img.net/i/fa/prosilver_grey/icon_gallery.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 14 x 14\012- data
Hash 68f80233b8287fc372dedca95f5feecb
2d573bda699c5371df6cca6d60b7b15f366b43f1
738434c1e4324d4e0b386a7f307b953d062ed1154c6fe3c6b4286966c809ba4b
GET /i/fa/prosilver_grey/icon_gallery.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: image/gif
content-length: 158
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-9e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 561598
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bchsMgvg3NYxAo0q9CLlY0aI5sZFalgA1mZuysCL%2B4VqRIrGix%2FBH57uHspLsPXzKbmPxnGUUned2oV%2Bj9lwDQ1Hym1kj9gjSnoDglwZsmu0EY5fKZmEwrIqMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390488aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/empty.gif
104.21.235.175200 OK 43 B IP 104.21.235.175:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 562132
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2WSRqoSr0P5r68wJKjZy4PyalD5cZt93%2B6nFPBLTz74dY9%2BDsG8zD2BhG%2FIQkABoy8%2BCzTyDd%2FOczloVI1qdS48LveqcAV%2BCtd0xC5Ww4kwXmF5eGLPUzVqzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390288aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/10/02/41/i_icon_mini_login.gif
104.21.235.175200 OK 865 B URL HTTP/2 2img.net/s/t/10/02/41/i_icon_mini_login.gif
IP 104.21.235.175:0
File type GIF image data, version 87a, 75 x 32\012- data
Hash be13ff517b557ebf5f4882822017b728
d5754bca183cfb7199199418cb174eef8d6f7c0e
82bd8b96a815940acd9edcc0dd6a3ffc88a129637ffbb58c8a45d48552dbba08
GET /s/t/10/02/41/i_icon_mini_login.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 865
last-modified: Wed, 27 Oct 2010 13:42:57 GMT
etag: "4cc82c61-361"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IdASHmAZoReHE7HVkMIgoGAErlMZkamYMuLUTEqq6mTZRcEaZoN7G1ekwme%2FV4%2Fofx%2BuzvyV7iYfMBTKtbxFVuBYETJLXSv7pr3P%2B1bB1Q5dJi32OUSK6pErKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390188aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/10/02/41/i_icon_mini_register.gif
104.21.235.175200 OK 890 B URL HTTP/2 2img.net/s/t/10/02/41/i_icon_mini_register.gif
IP 104.21.235.175:0
File type GIF image data, version 87a, 75 x 32\012- data
Hash c204b0d8d2270062a270dbbb47cf600b
dd18b55d4fd3a15f910f871ad59e2788b4dd04ad
85af93310afe9f9041854259f9c97017a79a1fefe3776f72c58da293bd63911e
GET /s/t/10/02/41/i_icon_mini_register.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 890
last-modified: Wed, 27 Oct 2010 13:42:57 GMT
etag: "4cc82c61-37a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6zj%2BKVp%2BsG%2FtpwJW7eepOwfE5GDjiKlOrbjREt2SaJHH3aAhrBSTpw1n8MOerGgsgSfVQoZ3YcMB8xHJ6t9PDQWUkmlceS28k%2Fpi74%2B8kUtBtDFTTX7vyVzFOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390788aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/10/02/41/i_icon_minitime.gif
104.21.235.175200 OK 137 B URL HTTP/2 2img.net/s/t/10/02/41/i_icon_minitime.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 17 x 16\012- data
Hash 9594657f7f7cb3ecd339dd48e085eac7
98f596ff359e52f86be44e38cbb3eddc0f36c577
4e1e2b589ee5d2fb8cab8983f1aae941fd91b19e9bbb3c110a934bbdbfc71c04
GET /s/t/10/02/41/i_icon_minitime.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 137
last-modified: Wed, 27 Oct 2010 13:42:58 GMT
etag: "4cc82c62-89"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVwjeMVxPWIa%2FOT1MQ4%2F1t9lPdnHmX1XpoEg7Ssv1zyx9YcvDwiU1QpUKtblqyD2qRcc4LdJp6RWPARj%2BkNuPMH5ZHXj2oX%2BVjv5gvCcLrIBrIfqljUxC9OV0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a38fd88aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/10/02/41/i_icon_mini_portal.gif
104.21.235.175200 OK 888 B URL HTTP/2 2img.net/s/t/10/02/41/i_icon_mini_portal.gif
IP 104.21.235.175:0
File type GIF image data, version 87a, 75 x 32\012- data
Hash 8a9e8b5fc6bc18621d4413e1b547c285
a6e11e42ba592edd1106bf4ac51ed1f32757031f
afcdcdc73a3b71608a0577dcd1e3ab64d53fc5e1cfbe526950186ce03ab4594f
GET /s/t/10/02/41/i_icon_mini_portal.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 888
last-modified: Wed, 27 Oct 2010 13:42:57 GMT
etag: "4cc82c61-378"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Dv63c0x02DK0bfotK7qMg8wm%2BpddlHyjG0awA3rae3u08j9ZCro%2BMTah8VzEvH2BKR4Py6o8p9HBvcxt6tYSHu7yfnEWF8ktWj8QyrTxC8GV2TgbeqYOy1nRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390688aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.162.110.205101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.110.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KXWPg5lL9F827+CIqVMnNg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ubZSippP9kWYGjKtjTDCvaTDSJk=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6415
Cache-Control: max-age=93290
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638bc895-118"
Expires: Mon, 05 Dec 2022 23:54:12 GMT
Last-Modified: Sat, 03 Dec 2022 22:07:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
2img.net/s/t/10/02/41/i_icon_mini_index.gif
104.21.235.175200 OK 897 B URL HTTP/2 2img.net/s/t/10/02/41/i_icon_mini_index.gif
IP 104.21.235.175:0
File type GIF image data, version 87a, 75 x 32\012- data
Hash d8dff566e79041d27b89c1b8d890e754
bd6f50289c4ea027c653535728b79b2a5a9d8d73
54531c2c1ea88999f6ea1e930eea9a53bb2c9c66e6726bed3bd5c4b388cbc31d
GET /s/t/10/02/41/i_icon_mini_index.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/gif
content-length: 897
last-modified: Wed, 27 Oct 2010 13:42:58 GMT
etag: "4cc82c62-381"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0N%2FN2yN2SjOTbty8L1RA564%2F9NyzC0DhkHNX4EJG0R2WpUG%2BTC5xUjOxMFN9UhYysOh0DvDemCFz1naV4lk7GmYPKHEfiHzIpul5tYMd8CspzhuSP5kenPwmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a390388aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d3e8f4315487d14d256974b0de698bd6
b95e16294a0ce9bceab933b34b21d8878a1449bf
6953f31da4312fdb9b7b30b7add9e86d1b9f331c48b187f915e9cde8b1668859
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6953F31DA4312FDB9B7B30B7ADD9E86D1B9F331C48B187F915E9CDE8B1668859"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3033
Expires: Sun, 04 Dec 2022 22:49:55 GMT
Date: Sun, 04 Dec 2022 21:59:22 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 8b839bec32f7b79c6fea79eef3c39eaf
e78ff3339301c487eb72d61eeafa61fc02ce5012
f4630ec53ba02868a55d568264fa0c2715ce825558bb74d070dcac5ee49bb31c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6377
Cache-Control: max-age=140024
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638c7f49-139"
Expires: Tue, 06 Dec 2022 12:53:06 GMT
Last-Modified: Sun, 04 Dec 2022 11:06:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
illiweb.com/rs3/66/frm/embed/FA_Embed.js
104.21.63.213200 OK 9.9 kB URL HTTP/2 illiweb.com/rs3/66/frm/embed/FA_Embed.js
IP 104.21.63.213:0
File type ASCII text, with no line terminators
Hash 27d03ca4f92465463d636a10f3d09f1f
da827fe97360aeb67ef891ae33b5fbd601aa82da
ed0b8e6e9aa58bf9a2bb60e7c94b6a1947bfafa984934127f424d8189a47b775
GET /rs3/66/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:27 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 995814
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8udPw%2FTv4Z9SkvT0vE6w7Nd6luK5yjpaOfJaEc3KWaeFAtSxoAwGvD6cPgD8BvZSyuOWYnq9ZDiVYZTG0a78x3vi7BQDAp7yWFHyn1T6OpUUtiFeszKmLOyQXvTzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf09e8eb0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
104.21.63.213200 OK 1.6 kB URL HTTP/2 illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
IP 104.21.63.213:0
File type ASCII text, with very long lines (1011), with no line terminators
Hash 0e9f35775e7cb247a528509b2736a551
9dd26946266ffbe8b20f6374b5669f0d0b984080
346eae9def070cae2f55d0bf31aa1e6c4975f054df744773f65ac58a072beff8
GET /rs3/66/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:23 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 995818
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tx6wQqBvmOc1lIfmaRMDFJZFa3ya3QzjeHXw%2BI9jjZroSQ8eTYvHr3anFrb%2BHY8ShJzkvGWFkjozKHnklEwsA05NW6tJAj37WRPorXE9gRrIv6lWFGhZlrMDmQWK2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a19200b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.viglink.com/api/vglnk.js
54.230.111.6200 OK 29 kB URL HTTP/2 cdn.viglink.com/api/vglnk.js
IP 54.230.111.6:0
File type ASCII text, with very long lines (693)
Hash 072eaf64a771815874455704fca9301b
6c6226d00f14bb800cd4390b3cd42df941be43b1
bb35c8c300bd1acfe7ed86eb988f74ff2e8d86a4fb0409c5d78a890f9fd14b8e
GET /api/vglnk.js HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 28567
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 16:53:51 GMT
cache-control: public, max-age=604800
etag: "072eaf64a771815874455704fca9301b"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jRc_HHSdHYvX7-e_ehZJlFcHl__qyiq_sd3N0CHaS4P1gKHAbFoR9Q==
age: 363931
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.239.32.178200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.32.178:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 20:46:55 GMT
expires: Sun, 04 Dec 2022 22:46:55 GMT
cache-control: public, max-age=7200
age: 4347
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=mahasinsaif.banouta.net&var=&ymid=&var_3=
139.45.197.250200 OK 758 B URL HTTP/2 stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=mahasinsaif.banouta.net&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (757)
Hash 01694ba3bbaca5b87e82fb16cfc109f7
7d3c774bc3e6646550ccc1f4df7842cc23de603e
b299c8357d59fc504f69e8c6835be1945d0af31d21db727721bf4681c3ae0d34
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=mahasinsaif.banouta.net&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: 75919edd1da563dfcbe81eaf33a2415e
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/forumotion-ar/loader.js
151.101.129.44200 OK 25 kB URL HTTP/2 cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP 151.101.129.44:0
File type Unicode text, UTF-8 text, with very long lines (65498)
Hash 89d32c791c97d8cc6581d18ba08c37fd
ebb36de9cf125714cb2173ecd255671d1ed3c24b
f0ac1545dc3d63aba60185c29f1b5f57e90172fc75d02f8028d866b70ce1b1ac
GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DLluyGnC1xDYt2a+kJQyFKK9H2xkcfp/qZ84RLUZoYLCPZ+1POiLYMLhG1OFjtzcWLJ2CSJCMwU=
x-amz-request-id: XZE36HPYXP5NVRCS
last-modified: Sun, 04 Dec 2022 11:07:05 GMT
etag: "4ce1aa58b1acafb9b4f2ae3522152e9b"
x-amz-version-id: HGeyL_.MBNtV9nwEV7JtR0Xc2rmgdTYa
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:22 GMT
via: 1.1 varnish
age: 46
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670191162.482033,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 84
content-length: 25343
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=132&profileId=206&cb=86056040041
178.250.0.165200 OK 161 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=206&cb=86056040041
IP 178.250.0.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 69a5a036ca1c6e10ac84a5c32b187c6e
12455d8017dd2bb941a54f41eb25ca974557fd71
ceaf6ce4bdb9ddd2d298f442981f518f0a98153c71ab369faa81e191d2b139f7
POST /cdb?ptv=132&profileId=206&cb=86056040041 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 570
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://mahasinsaif.banouta.net
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 161
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash a9f82178f4a7dccd4bf4fb84170e3fa7
54ad9cb2fd1e5c31a13ac377b445de55ec7df58a
3b826b406a9db81555b54fad48ebecaf45414ef3119e0be8635c54a02615ec88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6280
Cache-Control: max-age=163719
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638cdc39-139"
Expires: Tue, 06 Dec 2022 19:28:01 GMT
Last-Modified: Sun, 04 Dec 2022 17:43:21 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=PG7pZl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPZ3RjZEJKVUZRVUdnNk9sUGpqTjclMkJ6; expires=Fri, 29 Dec 2023 21:59:22 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 157165
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20221204-5-RELEASE.js
151.101.129.44200 OK 147 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221204-5-RELEASE.js
IP 151.101.129.44:0
File type ASCII text, with very long lines (65509)
Size 147 kB (146692 bytes)
Hash 44011b5dd14e2f62cd293736e61bfd5d
de3c2fe115b850c1e3e98fe3f7535b25cb1d3c60
b3afb4ddb950f8d47f69dc4d767ab42575b6ac181266b74bf47f62db718d1b78
GET /libtrc/impl.20221204-5-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: CjI7dNb7Sm2ieogl+FR+2lgv4og9KWqPbaVSss7gfMGqV7gCClnQ5mltb5VDFGjCpsQ2jYBvHZE=
x-amz-request-id: 4J772X8ZNY05ZTSH
last-modified: Sun, 04 Dec 2022 10:58:02 GMT
etag: "44011b5dd14e2f62cd293736e61bfd5d"
content-encoding: br
x-amz-version-id: FCB4xk7W.ZTqnSlYrGqFWfqH44s.QC5m
content-type: application/javascript
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:22 GMT
via: 1.1 varnish
age: 10871
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 9832
x-timer: S1670191163.634560,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 15
server: AmazonS3-br
content-length: 146692
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash ee00ac7a24f2be13f49a39c476f9f707
98a87636f9dbd123b21b0c4adf164c68603da8ba
6edf8fd4b338be0cfa4ce5fd22a6adc145f0f47576447a03c277bea70a43a5eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6305
Cache-Control: max-age=136019
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638c6fec-139"
Expires: Tue, 06 Dec 2022 11:46:21 GMT
Last-Modified: Sun, 04 Dec 2022 10:01:16 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
stootsou.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash ab507b3688f9409491da9715db2cb8f7
1f851e21b05f8fca6685220fdb1c1b3856d97791
ada01d1daa6559da33b5b7f076f5987e36394b6a617b09d33805c6cf875e80a4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=123737
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638c5246-1d7"
Expires: Tue, 06 Dec 2022 08:21:39 GMT
Last-Modified: Sun, 04 Dec 2022 07:54:46 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8INipdIO0b0GiJYOatiLxpfrJWsQqyB3PaaPVaJrnpTUEJmqYE9C-A==
Age: 1613
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4cdd9e92530719e8c12811e9ea1393f4
4142f71c9ecab6ac316d5585beaca78d6aaa32c8
9534bfce33123fd927838b7d0a5b2fb1d7063bd795bf346e9cf6e2b0683fd79f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9534BFCE33123FD927838B7D0A5B2FB1D7063BD795BF346E9CF6E2B0683FD79F"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11241
Expires: Mon, 05 Dec 2022 01:06:43 GMT
Date: Sun, 04 Dec 2022 21:59:22 GMT
Connection: keep-alive
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Content-Type: application/json
Origin: https://mahasinsaif.banouta.net
Content-Length: 391
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1a5ee84fb913274c764efe055f9fad73
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
api.viglink.com/api/ping
34.246.116.79200 OK 259 B IP 34.246.116.79:0
File type ASCII text, with no line terminators
Hash 89ae7ea802b7ed840b5e30ed988697b3
8d134087c01ffe4c48813105e7fa45c40aa07a94
3a9289191df3f32aea9a8cdd0da67e9c55baeda308749cf62f720c564fa03dfc
POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 140
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mahasinsaif.banouta.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:21 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 259
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&gjid=781635450&_gid=197279554.1670191160&_u=YEBAAUAAAAAAACAAI~&z=995797053
108.177.14.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&gjid=781635450&_gid=197279554.1670191160&_u=YEBAAUAAAAAAACAAI~&z=995797053
IP 108.177.14.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&gjid=781635450&_gid=197279554.1670191160&_u=YEBAAUAAAAAAACAAI~&z=995797053 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://mahasinsaif.banouta.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 21:59:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 3b37e9e4dc5c39c8fb6aba1ddd4ddc4e
2a3653d905b34824efded08cbb4c400f80d73526
c2855a99d6c1522d57a8224193527da72bf97c139541d1e010a51762fb1ab73e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1367
Cache-Control: max-age=124940
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:22 GMT
Etag: "638c57ef-116"
Expires: Tue, 06 Dec 2022 08:41:42 GMT
Last-Modified: Sun, 04 Dec 2022 08:18:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
mahasinsaif.banouta.net/images/icons-180.png
94.23.159.185200 OK 4.5 kB URL HTTP/2 mahasinsaif.banouta.net/images/icons-180.png
IP 94.23.159.185:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 0dcfea134d6f080b26f67d3dc850bdc5
6303cefd6682d6e2fe22ef650b5251f537c17829
25b5dad8f52e97a80692a98b807d337d2b638931c0081d51da72d48ef79bda7a
GET /images/icons-180.png HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/t3-topic
Cookie: exadd=167020; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: image/png
content-length: 4479
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Sun, 04 Dec 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 3b37e9e4dc5c39c8fb6aba1ddd4ddc4e
2a3653d905b34824efded08cbb4c400f80d73526
c2855a99d6c1522d57a8224193527da72bf97c139541d1e010a51762fb1ab73e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1368
Cache-Control: max-age=124940
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Etag: "638c57ef-116"
Expires: Tue, 06 Dec 2022 08:41:43 GMT
Last-Modified: Sun, 04 Dec 2022 08:18:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=21%3A59%3A20.406&type=usage&msg=rtus&llvl=2&id=3032&cv=20221204-5-RELEASE<=deflated&uuid=4f8120a1a90feaabe00f8398bf207a088e350fc7029dfbbb47385cfa53114f8e&dcc=1&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=21%3A59%3A20.406&type=usage&msg=rtus&llvl=2&id=3032&cv=20221204-5-RELEASE<=deflated&uuid=4f8120a1a90feaabe00f8398bf207a088e350fc7029dfbbb47385cfa53114f8e&dcc=1&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=21%3A59%3A20.406&type=usage&msg=rtus&llvl=2&id=3032&cv=20221204-5-RELEASE<=deflated&uuid=4f8120a1a90feaabe00f8398bf207a088e350fc7029dfbbb47385cfa53114f8e&dcc=1&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 04 Dec 2022 21:59:23 GMT
x-fastly-to-nlb-rtt: 22011
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d5f25c4c99bce7de9166e989e0e94df3
977a8feb8420b10fc4b27440203b08ecae7516f8
5e444685fc55211330424827c83a0b4a885ff07f4c97fa667eead72cdc3c3eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E444685FC55211330424827C83A0B4A885FF07F4C97FA667EEAD72CDC3C3EAF"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13615
Expires: Mon, 05 Dec 2022 01:46:18 GMT
Date: Sun, 04 Dec 2022 21:59:23 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.betgorebysson.club/apu.php?zoneid=3765907
139.45.195.8200 OK 38 kB URL HTTP/2 cdn.betgorebysson.club/apu.php?zoneid=3765907
IP 139.45.195.8:0
Hash 1973611de025062b3629a37ff768b6fe
c596d252f7528581090fa493c5f977115c5ca7cd
f8d7bcc89caeded20c454c04b8457bd6aa686d3ff8ad2c8a6057d3d30872224a
GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
x-trace-id: 39ae1e72bc588b5493e1b1b7aa8d5e0e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=97da9027b7b34218ac2d4a79db326995; expires=Mon, 04 Dec 2023 21:59:22 GMT; path=/; secure; SameSite=None
oaidts=1670191162; expires=Mon, 04 Dec 2023 21:59:22 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 2a3e9c9270d5d1402700343b567d8e21
4348655937347ff19881acafd04b1277e017f19c
905ee9517e8597ac86e76b99b970f77a4fbb2500de30ef6efea97a4bbcea51d4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:59:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 13:33:18 GMT
Expires: Fri, 09 Dec 2022 13:33:17 GMT
Etag: "4348655937347ff19881acafd04b1277e017f19c"
Cache-Control: max-age=401033,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7747cf11cdf8b4fd-OSL
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
37.48.68.71200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 903
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 04 Dec 2022 21:59:23 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://mahasinsaif.banouta.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
bidder.criteo.com/csm/events
178.250.0.165204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 370
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:59:23 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://mahasinsaif.banouta.net
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
34.246.116.79200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
IP 34.246.116.79:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.gif?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:23 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7c9e0bb25e8c28e8b10038806b0a7190
9fa6097aeb8eacde8ba7c9ab80a7a7d2405ae2bc
f4864000960be2f888ed7d2467f74130231fed6f56ad48ff15861f5769e95a58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773
142.250.74.132200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 21:59:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=146191530.1670191160&jid=1837410801&_u=YEBAAUAAAAAAACAAI~&z=1342309773 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 21:59:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gum.criteo.com/sid/json?origin=publishertag&domain=banouta.net&sn=FirefoxSyncframe&so=0&topUrl=mahasinsaif.banouta.net&info=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz&idsd=902747023,-473017735&cw=1&lsw=1
178.250.0.157200 OK 790 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=banouta.net&sn=FirefoxSyncframe&so=0&topUrl=mahasinsaif.banouta.net&info=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz&idsd=902747023,-473017735&cw=1&lsw=1
IP 178.250.0.157:0
Hash 2b9a5b7dcfb1054bf8aa6d51075ec7aa
0d7b5066f24e3086b01d748c2593373c77fa7975
441b6d1b0f67662aec92cba23f06dd102db97d50f60b27a702ef1a7bf9163c13
GET /sid/json?origin=publishertag&domain=banouta.net&sn=FirefoxSyncframe&so=0&topUrl=mahasinsaif.banouta.net&info=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz&idsd=902747023,-473017735&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 941675
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.betgorebysson.club/?rb=QQ04o6CSh2FHzK-35xb9oNqiOzbJe30lWodNzC3YGuBUczwnzaqDxwPpiQTXFrlf1v5QSaMl2RDHI1qHZWMhLho6ibDxbFEgHME8PWuMXmvmI-zOx_xnDIC14vEj-ONpO_y5AAoTwAosLSANSZuEeRax28dD0Sxv4QCa6TOYMHPKxJ5wnx9sguWHQ5g-XrFAH0Ig9kFRVNWOQu4JxLOHdvtyVFxYjBydukEn8nLYlu0uhbMEwrZjzLzYpv8%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=58ceed34-5a6b-4556-9a9c-887e2685cd93&userId=97da9027b7b34218ac2d4a79db326995&m=link
139.45.195.8200 OK 1.8 kB URL HTTP/2 cdn.betgorebysson.club/?rb=QQ04o6CSh2FHzK-35xb9oNqiOzbJe30lWodNzC3YGuBUczwnzaqDxwPpiQTXFrlf1v5QSaMl2RDHI1qHZWMhLho6ibDxbFEgHME8PWuMXmvmI-zOx_xnDIC14vEj-ONpO_y5AAoTwAosLSANSZuEeRax28dD0Sxv4QCa6TOYMHPKxJ5wnx9sguWHQ5g-XrFAH0Ig9kFRVNWOQu4JxLOHdvtyVFxYjBydukEn8nLYlu0uhbMEwrZjzLzYpv8%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=58ceed34-5a6b-4556-9a9c-887e2685cd93&userId=97da9027b7b34218ac2d4a79db326995&m=link
IP 139.45.195.8:0
Hash 8833755aaf9bfaea0a77770d46cbbd20
0e5cfdebd4fbaec33505b8213936d0e7edd1d5fe
a6e75934c19e90b63abf047dc80e70038e8054b3f0c16f09240d3112b74028bd
GET /?rb=QQ04o6CSh2FHzK-35xb9oNqiOzbJe30lWodNzC3YGuBUczwnzaqDxwPpiQTXFrlf1v5QSaMl2RDHI1qHZWMhLho6ibDxbFEgHME8PWuMXmvmI-zOx_xnDIC14vEj-ONpO_y5AAoTwAosLSANSZuEeRax28dD0Sxv4QCa6TOYMHPKxJ5wnx9sguWHQ5g-XrFAH0Ig9kFRVNWOQu4JxLOHdvtyVFxYjBydukEn8nLYlu0uhbMEwrZjzLzYpv8%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=58ceed34-5a6b-4556-9a9c-887e2685cd93&userId=97da9027b7b34218ac2d4a79db326995&m=link HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Cookie: OAID=97da9027b7b34218ac2d4a79db326995; oaidts=1670191162
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:23 GMT
content-type: application/json
x-trace-id: b248a17bf6ca328efceef74c73881dba
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=97da9027b7b34218ac2d4a79db326995; expires=Mon, 04 Dec 2023 21:59:23 GMT; path=/; secure; SameSite=None
oaidts=1670191163; expires=Mon, 04 Dec 2023 21:59:23 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 11 Dec 2022 21:59:23 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/userx.20221204-5-RELEASE.es6.js
151.101.129.44200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221204-5-RELEASE.es6.js
IP 151.101.129.44:0
File type ASCII text, with very long lines (17842)
Hash 1bf1dea253cd98940ce69c484846d6a1
10eb6e66d08a1b9d47b907bdab99ce62df1ac64e
a1400b6b985663284e06ff193ae67a058ac4a941c0e39a0459fbdbae5f2b8bec
GET /libtrc/userx.20221204-5-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: JqZ/yLM48O7O463Ttm8xU7mzkvETfxvwt7FKlLjm6luzENqOF69dXlL97srYZ1cLMuNLK64Qayk=
x-amz-request-id: F6G6YAPYQQ205QRS
x-amz-replication-status: PENDING
last-modified: Sun, 04 Dec 2022 12:46:15 GMT
etag: "f257084fa5d40369fd5095838cc508c9"
x-amz-version-id: t5qY8CKRUH4Gm3ODbJJbfrati21qr3EK
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
age: 48
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 4
x-timer: S1670191163.376779,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 15
content-length: 5398
X-Firefox-Spdy: h2
api.viglink.com/api/domains
34.246.116.79200 OK 41 B URL HTTP/1.1 api.viglink.com/api/domains
IP 34.246.116.79:0
File type ASCII text, with no line terminators
Hash 4081c7f27fd7098cdd1e2f9a18cb1bde
ad87a8b70f7e77bcd2ac0727d18ef583fa8df573
a05449f6e9a52ebe0b1709457cae96ffecb3603fbc36dd41bc4a6fb103f9c724
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 240
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mahasinsaif.banouta.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:22 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 41
Connection: keep-alive
vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
151.101.129.44200 OK 30 kB URL HTTP/2 vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
IP 151.101.129.44:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash aac1042207afd54e1cf1befcaf3420cd
00f0597866330a850a1d6222861591f24dd18380
ea77ece8880eb28ffe83e94ef787b4204f8b1b3d09f443011b898b13ed4bb706
GET /lite-unit/3.9.8/UnitWidgetItemDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 07:02:09 GMT
etag: "1842444d4bb92087143326a4d508875d"
server: AmazonS3
via: 1.1 b34d5d8e5954d0b7b46d5f0eb534c166.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: iVxUQ_yUDgKIDSZaR21P2jFvv94ZUaTAMQdnd9xsEMFJTpsmb2NMlg==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
age: 1090606
x-served-by: cache-bma1658-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 9095
x-timer: S1670191163.382309,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 29909
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/cta-component.20221204-5-RELEASE.es6.js
151.101.129.44200 OK 5.1 kB URL HTTP/2 cdn.taboola.com/libtrc/cta-component.20221204-5-RELEASE.es6.js
IP 151.101.129.44:0
File type ASCII text, with very long lines (18924)
Hash 9b7cf542cdd2fc4a076a02d37dff71fc
e20ed06224647b5a57809e1cd8623e1358d0516a
472681407a0b437ec853b421e0c919a98a46838e7fd60c610e81d76dcd200997
GET /libtrc/cta-component.20221204-5-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: iBdvQgrpqB9hFnXEXocil/IPLxo9kTfrCNauB+inDV3bDvv7T6k1XT5Pz7YGdL0YbXvEa/NcVC0=
x-amz-request-id: BM2J3DBSD3EJF0FS
x-amz-replication-status: PENDING
last-modified: Sun, 04 Dec 2022 12:45:18 GMT
etag: "3d57420ee8058c5dd7c6af7bcddf9500"
x-amz-version-id: GX.y_qek13qzszMknBMEjodlNkqXuW62
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
age: 113
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 39
x-timer: S1670191163.386594,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 15
content-length: 5107
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c4a6d2e522eb77c239a57b77cf87f16f.png
151.101.129.44200 OK 5.0 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c4a6d2e522eb77c239a57b77cf87f16f.png
IP 151.101.129.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8bf61fbf88f1004f2d1ad19b2e8a65a3
4e06717009bdb501391dee7d6c41c3b8d9e81905
cb21f0b8febf2bb7d37285f47e911afc943decc1e79ddf23a6e96472197a3886
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c4a6d2e522eb77c239a57b77cf87f16f.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 334840937470646990225866747919159929393,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 334840937470646990225866747919159929393,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "244ede840390440bfcbc4062835b314c"
expiration: expiry-date="Mon, 24 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 23 Sep 2022 15:19:07 GMT
req-referer: https://bialystok.se.pl/eurojackpot-we-wtorek-25-pazdziernika-kumulacja-wyniki-losowania-do-wygrania-jest-440-milionow-zlotych-aa-T1pe-mRyo-CjyX.html
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 16
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
age: 4073284
x-served-by: cache-iad-kcgs7200146-IAD, cache-iad-kiad7000168-IAD, cache-bur-kbur8200047-BUR, cache-iad-kiad7000130-IAD, cache-bma1658-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 66, 1
x-timer: S1670191163.428470,VS0,VE3
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c4a6d2e522eb77c239a57b77cf87f16f.png
x-vcl-time-ms: 3
content-length: 5040
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5a79082f5514610a8f42930979bf2294.jpg
151.101.129.44200 OK 19 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5a79082f5514610a8f42930979bf2294.jpg
IP 151.101.129.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7c23768f79db59fe780efb2c58c54fdd
f000b269ccee899556dbb351cc85d8fc2f888998
27bea1cf2db038ea42aa341c0a0d831b81d62696f657465fe5118b298d8b99cd
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5a79082f5514610a8f42930979bf2294.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 493243231007183793812851951606147198600,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 493243231007183793812851951606147198600,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
etag: "7e15708d195d2d716c86af762147689d"
expiration: expiry-date="Thu, 01 Dec 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 31 Oct 2022 00:06:19 GMT
req-referer: http://gujarat.indiaresults.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 203
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
age: 1675778
x-served-by: cache-iad-kiad7000177-IAD, cache-iad-kcgs7200050-IAD, cache-lga21977-LGA, cache-iad-kcgs7200087-IAD, cache-bma1658-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 30, 1
x-timer: S1670191163.436578,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5a79082f5514610a8f42930979bf2294.jpg
x-vcl-time-ms: 1
content-length: 18696
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b233a5e39de8cf5bc702cf3489fdd6d7.jpg
151.101.129.44200 OK 7.2 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b233a5e39de8cf5bc702cf3489fdd6d7.jpg
IP 151.101.129.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e48ce6177f302d1b9335edd1039c4b7a
8790a2eb6cdd826dedf26c0ea75ca49598d94ce3
8aff658c7eaaed83f81003db6049614cbd604b9c62a39053478343d6c8c05231
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b233a5e39de8cf5bc702cf3489fdd6d7.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 494817518622662110197702006026876009863,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 494817518622662110197702006026876009863,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "f3b697632583b039c9a200ac2d01dd0f"
last-modified: Tue, 11 Oct 2022 22:36:34 GMT
req-referer: https://weather.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 7bdefcf8c434cf9b0639118b3e923a2e
x-envoy-upstream-service-time: 113
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
age: 3311419
x-served-by: cache-iad-kjyo7100022-IAD, cache-iad-kjyo7100107-IAD, cache-lga21924-LGA, cache-iad-kjyo7100093-IAD, cache-bma1658-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 66, 1
x-timer: S1670191164.534861,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b233a5e39de8cf5bc702cf3489fdd6d7.jpg
x-vcl-time-ms: 1
content-length: 7246
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.88200 OK 5.8 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.88:0
Hash abe49ac327a305dc1c2572bc138b92b7
d0874a50d9d42e22eb4bf4f235b2d2811242abea
12aee9813f7896f962ef575f8da2db98d1de2852bcffc2e4764330087445c827
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 85784
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.142200 OK 5.0 kB URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.142:0
Hash ac6c32a189b3e08fcdec5ef8571d1dbf
1efb25c715c3a7264c78f09ebfb5e49557a6a6c0
9b61780ffcbe5ee6accc53556f6781a488b44b066934eb630b78a3dcc786ec24
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 94278
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
twemoji.maxcdn.com/twemoji.min.js
151.139.237.124200 OK 20 kB URL HTTP/2 twemoji.maxcdn.com/twemoji.min.js
IP 151.139.237.124:0
Hash dcd5ffa5bc54ff5e78f4339ab8f4e2d1
59e8af249f4dff32ae3066b5b045da6d031f4bb3
fd466f1f9f1c6d24ac60950e686858b6cdfdb09585a4477742976d24e4ca089b
GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Tue, 03 Jan 2023 21:59:21 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: 7B1C:D2D3:4824A8:4A013B:638A8635
vary: Accept-Encoding
x-fastly-request-id: 13302c302e4dcbfe7e16260e2cd5983d6eec8ece
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11381
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 21:59:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11381
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 21:59:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11381
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 21:59:23 GMT
Connection: keep-alive
illiweb.com/rs3/66/frm/lang/notutf8-ar.js
104.21.63.213200 OK 27 kB URL HTTP/2 illiweb.com/rs3/66/frm/lang/notutf8-ar.js
IP 104.21.63.213:0
File type ISO-8859 text, with very long lines (65536), with no line terminators
Hash 917dea9458ff8b0b2ad0bf06ab640cf3
38f4100a8b6164539271c2d4f234130b825b3616
04ec8337b6dec7da3105b95b7ece1e2a0f56adb8da19f34573cab7966e0745de
GET /rs3/66/frm/lang/notutf8-ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=73321
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:52:28 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 994013
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tndEBfJQf%2BRODZ7zOokm%2FhjVZxnCODMTV2gLS3zXhjdktXrWl%2FcyORAW4hCjpID3cvDzukMOEk%2For2m9ipav8%2BQG2dGZpJsL7ndaELt2a6NrHeXED4isqRHGAZf%2Biw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0a191e0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png
34.120.237.76200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7bde76a4dbab17f37747e7da55ad924
56ee7aa6cf94570b1218ef6e767a7036d0b8900f
bd8320fe10dc06061008034cfd1ca9f17e941b2b859b8dd12f23bcac35746aab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f879ef8-1a6d-4f5a-9ed7-092a33c3642f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3707
x-amzn-requestid: e9d4dc01-cb68-471b-8da4-c6f170248387
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_xhEm-IAMFRNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d133c-5414a54751e2569f639d0dea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:38:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5XGO_QToLjgti1g7xU6jnUNtcyzzQZtc5pGmHqrtt6zD2dlVAN2BfQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 668
etag: "56ee7aa6cf94570b1218ef6e767a7036d0b8900f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8d76ec668361348eb17d54001fd2e6c6
534299a20a76ea6e3250f0fb35fe772cac04ef51
22676fae3909acf18e6cd4f505ec718fdac156990edb20926afdae2a359a2859
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5209
x-amzn-requestid: 682056d5-7815-4fd1-b05b-723619128d8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUXF5eoAMFRvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-6df5d866267739212832ee66;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pFKMx6_a5Ml_dBK1dafOt4KFMeC5SwUqNlNpc8sO4DVj0Ocb2Yksrw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 03:45:46 GMT
age: 65617
etag: "534299a20a76ea6e3250f0fb35fe772cac04ef51"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0402b0c3474a5bd3b1ba804528b64a8
2d47af0fb664d9fec52549bb3bdba1dfd8911bb2
7f87af77663b8bf22211e135554ada8865cdcf6499e9fcf0f3442b10ca3984e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b3b9022-ae31-4c4b-b4aa-3d82606d5c7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5276
x-amzn-requestid: d337310e-59be-4268-bfd0-8cc4f2c91a11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_soE98IAMF0aA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-230591591f8fd0984c222549;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x7xrn7E3aUdw75Br3B_GcqRhg-i5FcqG2NRMo4Pa5VhqjblbsvcgDg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 668
etag: "2d47af0fb664d9fec52549bb3bdba1dfd8911bb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3130c86c084c4c925fb9179dfa5c145d
203f27660f3885d5c1bc68a535baef4e48ff6582
faf2c48c2286fe2149908947de9037640007d32e13694c1261f610250caf3f8f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d407108-e7e2-4672-80f5-d4b4c3e66151.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6173
x-amzn-requestid: dc73ee0d-b1ec-407f-8e98-3ba264725ee3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqHqwIAMFwqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-56d74e8d45baa9e87136708f;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZjAfnCIfBIkjjk0E62TZ7bHsCTUhJk9Wm_wIyhnUNvhgXja5ELfC4g==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 668
etag: "203f27660f3885d5c1bc68a535baef4e48ff6582"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dcb8fe0c4ba323ab2483fa290c291051
6706e02d6b95edc3a33c951f07d04b0fb7415b77
6be68deb3a330955027ec16eaca2cdf4e2776620ffb7cb995922664b24400f02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8749
x-amzn-requestid: ee03c447-299b-45d5-b8c6-12d4d1dc436d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_spHdBIAMFywQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-0c9805c6112ec9ec6b9d1544;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tsL8hmcWaBeKYVG2b4g7ebl-sQ0Z5jZaexEfvldfzq9COcOdzqLhUA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:48:15 GMT
age: 668
etag: "6706e02d6b95edc3a33c951f07d04b0fb7415b77"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api.viglink.com/api/domains
34.246.116.79200 OK 56 B URL HTTP/1.1 api.viglink.com/api/domains
IP 34.246.116.79:0
File type ASCII text, with no line terminators
Hash 05b7341e73110bfaf4d424ef1adec915
baf3834698ec38c170ad73dd15512bcd4e7f7687
9ba43db945b0e10cf7f6b34eee914d2d3be161e8b11a08181cfec8170acbaa5d
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 304
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mahasinsaif.banouta.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:23 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 56
Connection: keep-alive
tzegilo.com/stattag.js
172.67.194.45200 OK 5.2 kB IP 172.67.194.45:0
File type ASCII text, with very long lines (12966), with no line terminators
Hash dcc859d4c32d23dee5a3da37b068b136
82ec3de4bff61a07d02e67382fdb0ebb76bfa2e7
2d14da3153c74459783de18b360f83354582f4abf092ab2d5b9c3bfaa2760fb0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:23 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgLS6oYfppB%2FevwdfjRsKZiX1eO96umSjmkmr0pcaGO3%2B20grp89NvoxugQVuWGdjTQrbID8Qor0o%2FcN%2Bjy57ufS657lvxR7pH3LpmWRyqvxgeDhcvjIbIlY7BNYZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf10b9441bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=31589837&cb=1670191161346&uv=3245&tms=1670191161346&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161346&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=31589837&cb=1670191161346&uv=3245&tms=1670191161346&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161346&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=31589837&cb=1670191161346&uv=3245&tms=1670191161346&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161346&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:23 GMT
content-length: 0
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css
151.101.129.44200 OK 8.3 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css
IP 151.101.129.44:0
Hash a28320a69408adba1f01f56d6eb80708
8012c7108fab547cf31481cfda7cb49e654a0542
befbb274b7045e7e5791a4badbe46e1a2e367e6570da7cd0ac127acc4b8e8991
GET /vpaid/units/32_4_5/assets/css/cmOsUnit.css HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Bf8dw0NjA07TfpEMmKBaL+UFJWQuALEo7owO+vyJS0Z7+UM4VbN5qXqenI+jCaBsTF8hL6tqRMY=
x-amz-request-id: 89SNZ5N6GV47VA34
last-modified: Mon, 28 Nov 2022 10:07:46 GMT
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-ctime: 1669630065
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630064
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
age: 561005
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 90814
x-timer: S1670191164.006729,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 8297
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js
151.101.129.44200 OK 128 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js
IP 151.101.129.44:0
File type Unicode text, UTF-8 text, with very long lines (65489), with no line terminators
Size 128 kB (127788 bytes)
Hash 2b361da912acc8f13f4f1b545047025f
af3a70c02bb88e27a151e8edf4a93931ace2aced
7f44e7dee5fbeb1334cdcb6b06d37dbf74a5ce2c65d4494843a2dabd98f2ef1b
GET /vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: NxcjemMMJRUsCExBkB2iiVRl9DgwLdtVaii0IcyucefSWzHY1Wd9p4I32adBzeHQ7741KdCnChI=
x-amz-request-id: 89SJXSQ72NB1B3KT
last-modified: Mon, 28 Nov 2022 10:06:56 GMT
etag: "2b361da912acc8f13f4f1b545047025f"
x-amz-meta-ctime: 1669630015
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630014
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
age: 561005
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 40490
x-timer: S1670191164.031888,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 127788
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 742 B URL HTTP/2 am-match.taboola.com/sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (742), with no line terminators
Hash e212b134cabf80f8be66f676e09c0097
c6f5b87bdb324d5acc99af18d97d5d9835c65c7a
f4461fdc5512d2915f67a2b761cfd5ce1166d1f8dd0f07a571bf31eb1c7d0855
GET /sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:23 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3406
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea0eec00-741e-11ed-ae26-1131174c0406
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea0eec00-741e-11ed-ae26-1131174c0406
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea0eec00-741e-11ed-ae26-1131174c0406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea15f4e9-741e-11ed-be00-1e1d47870106; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 104
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea15e883-741e-11ed-aac8-1d66682b0506; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea15e8f1-741e-11ed-aac8-1d66682b0506
X-fe: 19
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
am-match.taboola.com/sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true
141.226.228.48200 OK 1.1 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1120), with no line terminators
Hash f717cf68d70edb144ff0ab0bbaffacfe
e3f6de8e0594a980413fb5ac1cd43376b6427ec8
71b7861e9cdaab14dede85a55abcc5caa084ca862ecf9906830ea4de881be04b
GET /sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea15e8f1-741e-11ed-aac8-1d66682b0506
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea15e8f1-741e-11ed-aac8-1d66682b0506
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea15e8f1-741e-11ed-aac8-1d66682b0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea1d2add-741e-11ed-aada-10ffbde80106; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 12
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=undefined&cb=1670191161861&uv=3245&tms=1670191161861&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=b59e2d89-3c03-4fbe-bb38-b3aa0defff6a&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
151.101.129.44200 OK 446 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=undefined&cb=1670191161861&uv=3245&tms=1670191161861&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=b59e2d89-3c03-4fbe-bb38-b3aa0defff6a&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP 151.101.129.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (928), with no line terminators
Hash e24def780babaab75f63c88cc18c77cc
25b9811e8738f191cfa1c64cb40ac8eb57febca2
9da1df211b7a5dfd0115080e09097564883ad35fae7a0b7d11b2cda9fe1f306c
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=undefined&cb=1670191161861&uv=3245&tms=1670191161861&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=b59e2d89-3c03-4fbe-bb38-b3aa0defff6a&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191164.327126,VS0,VE24
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash f499b2c86f35e9a3eada12bc73765263
64a65fe44a6a6683fc6a5ab5952dd676960ed936
72e63411fbfa22598322a2a19a427f8d3760a40fee46e095ff01a1e3ef1a0862
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Thu, 08 Dec 2022 18:45:48 GMT
ETag: "64a65fe44a6a6683fc6a5ab5952dd676960ed936"
Last-Modified: Sun, 04 Dec 2022 18:45:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2811
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7747cf1a094fb51e-OSL
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
35.71.131.137200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP 35.71.131.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
151.101.129.44200 OK 87 kB URL HTTP/2 vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
IP 151.101.129.44:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash dcfe04133edaa84ac4a7356299134bf2
600265d1e188692d5cb0b9dbc828c708181bd3d8
1f50ba3994c74af69746c8db181597b9e74d7bb53c808ce9f7014facf0c59bfd
GET /vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: DH4gCSpZOjdiQ2RHNdcZaQ1gWcI8EDnhtXKaFZT4JUmiFDacp53eylqcVHaDpMgh56JBtwAdvTI=
x-amz-request-id: M2DJX9S4FNAQPE8Z
last-modified: Thu, 27 Oct 2022 07:34:53 GMT
etag: "dcfe04133edaa84ac4a7356299134bf2"
x-amz-meta-ctime: 1666856092
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1666856080
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
age: 743042
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 89359
x-timer: S1670191165.566548,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 87152
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1b9552-741e-11ed-8510-15758c630206
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1b9552-741e-11ed-8510-15758c630206
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1b9552-741e-11ed-8510-15758c630206 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea4054d0-741e-11ed-b434-16a7f9820306; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 106
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1f25e1-741e-11ed-9699-155da6fd0506
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1f25e1-741e-11ed-9699-155da6fd0506
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea1f25e1-741e-11ed-9699-155da6fd0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea40b20b-741e-11ed-8e71-197e22df0406; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 30
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
am-match.taboola.com/sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 742 B URL HTTP/2 am-match.taboola.com/sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (742), with no line terminators
Hash 98a76f3a7fd5e8337ef3301d5d69d0d7
f7c260a4e32ec68e61dc6e25c3b7e4d2b572c6a6
878a2c6c7257a40f4bd4a98b8e865f1307fadd09a359b067f19049d6f096a4c3
GET /sync?dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
151.101.129.44200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP 151.101.129.44:0
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
age: 23201
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 2218
x-timer: S1670191165.656252,VS0,VE0
cache-control: private,max-age=31536000
abp: 15
content-length: 254
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 838d243942d48827243c3bcee18d11ed
26243d17a8493cbaa1759bde860c0a2a54f36e02
bf818584bae52201d47f2fadf57114acdcadf908a7003b26b846196ccef11ede
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=162099
Date: Sun, 04 Dec 2022 21:59:24 GMT
Etag: "638cd528-1d7"
Expires: Tue, 06 Dec 2022 19:01:03 GMT
Last-Modified: Sun, 04 Dec 2022 17:13:12 GMT
Server: ECS (nyb/1D2E)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CKQDXeAXV0RyZ5HIHYMkR0fgeSycCPrLaaEbcVjxwkPFnJQnigtDXg==
Age: 6471
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea435914-741e-11ed-9112-1ebee0f60506
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea435914-741e-11ed-9112-1ebee0f60506
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea435914-741e-11ed-9112-1ebee0f60506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea4d4687-741e-11ed-94fe-1e875f050106; expires=Sun, 01-Jan-2023 21:59:24 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 74
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
104.85.187.217301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP 104.85.187.217:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
date: Sun, 04 Dec 2022 21:59:24 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/log/3/visible?tvi2=-2&route=AM%3AIL%3AV<i=deflated
151.101.129.44204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/visible?tvi2=-2&route=AM%3AIL%3AV<i=deflated
IP 151.101.129.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/visible?tvi2=-2&route=AM%3AIL%3AV<i=deflated HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2570
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191165.657974,VS0,VE85
x-vcl-time-ms: 85
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e628b15d0ac70efe6a7d72ea00716fa3
cff8653177e58253bae09b9010f889c0b097b221
39d68fe3ffb4a1e277c6aa63b742c5e6e17e6e13e064bf42cd2e45b8f2786f0c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6148
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:24 GMT
Last-Modified: Sun, 04 Dec 2022 20:16:56 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
trc.taboola.com/forumotion-ar/log/3/bulk?tvi2=-2&route=AM%3AIL%3AV<i=deflated&bulkSize=2
151.101.129.44204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/bulk?tvi2=-2&route=AM%3AIL%3AV<i=deflated&bulkSize=2
IP 151.101.129.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/bulk?tvi2=-2&route=AM%3AIL%3AV<i=deflated&bulkSize=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5311
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191165.657302,VS0,VE89
x-vcl-time-ms: 89
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash dbb66a45515eb4bd61566b8a462222b7
2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9
1929d698afaff5af3fd939389346226a6056b86e4f870b0769755b0cdefd60a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:59:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=445643,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7747cf1bac86b4fd-OSL
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Dec 2022 21:59:24 GMT
Connection: keep-alive
Vary: Accept-Encoding
ups.analytics.yahoo.com/ups/58534/occ
3.126.56.137302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 21:59:24 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBDwYjWMCEGn8oTY0xIqeNXdU0zOzYx0FEgEBAQFpjmOWYwAAAAAA_eMAAA&S=AQAAAqI2UIdUVqa4Yn7EH1hEJK4; Expires=Tue, 5 Dec 2023 03:59:24 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.js
104.88.9.101200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (18728)
Hash de8d25f887a0fa41f6f06f47032cf2ed
730223801e090e4746352343fa2faa352466a1fd
377cfef236901519d68cbcd502144605dfa7b21e62896ef35890a7524dffb64d
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Sun, 04 Dec 2022 11:34:22 GMT
Content-Encoding: gzip
Content-Length: 10067
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=48842
Expires: Mon, 05 Dec 2022 11:33:26 GMT
Date: Sun, 04 Dec 2022 21:59:24 GMT
Connection: keep-alive
Vary: Accept-Encoding
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
3.123.160.250200 OK 43 B URL HTTP/2 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP 3.123.160.250:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ?verify=true
3.126.56.137204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:59:24 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBDwYjWMCEJ1JzAq8H5x47MYDcbGaWCMFEgEBAQFpjmOWYwAAAAAA_eMAAA&S=AQAAAp4Gk3WidGuuAJuEi_k8fpw; Expires=Tue, 5 Dec 2023 03:59:24 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
35.71.131.137200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP 35.71.131.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=31589837&cb=1670191161860&uv=3245&tms=1670191161860&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161860&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=31589837&cb=1670191161860&uv=3245&tms=1670191161860&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161860&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&cmcv=&pix=31589837&cb=1670191161860&uv=3245&tms=1670191161860&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670191158198!ts:1670191161860&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:24 GMT
content-length: 0
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:59:25 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea844383-741e-11ed-9595-141922060506; expires=Sun, 01-Jan-2023 21:59:25 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea8443db-741e-11ed-9595-141922060506
X-fe: 64
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea8443db-741e-11ed-9595-141922060506
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea8443db-741e-11ed-9595-141922060506
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=ea8443db-741e-11ed-9595-141922060506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:59:25 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=ea88c83b-741e-11ed-8bdd-1626150c0206; expires=Sun, 01-Jan-2023 21:59:25 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 137
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ups.analytics.yahoo.com/ups/58534/occ
3.126.56.137302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sun, 04 Dec 2022 21:59:25 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBD0YjWMCEHU8S2wMaR-6Licy-j7Gq-IFEgEBAQFpjmOWYwAAAAAA_eMAAA&S=AQAAAii02KGpYfI2OhXNIlmKdJ4; Expires=Tue, 5 Dec 2023 03:59:25 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
35.71.131.137200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP 35.71.131.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ?verify=true
3.126.56.137204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:59:25 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBD0YjWMCECP7w8NDXUMeUQVuVoakiMUFEgEBAQFpjmOWYwAAAAAA_eMAAA&S=AQAAAmOlVwyIodzXrNCN79ClQhA; Expires=Tue, 5 Dec 2023 03:59:25 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Content-Type: application/json
Origin: https://mahasinsaif.banouta.net
Content-Length: 756
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1537453c5313c81f739caa518ead86b5
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
cdn.taboola.com/scripts/cds-pips.js
151.101.129.44200 OK 1.3 kB URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP 151.101.129.44:0
File type ASCII text, with very long lines (3545), with no line terminators
Hash 780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:25 GMT
via: 1.1 varnish
age: 3295
x-served-by: cache-bma1658-BMA
x-cache: HIT
x-cache-hits: 3594
x-timer: S1670191165.353607,VS0,VE0
vary: Accept-Encoding
abp: 15
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=mahasinsaif.banouta.net
178.250.0.157200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=mahasinsaif.banouta.net
IP 178.250.0.157:0
Hash b39740609d14b3b54a5087554ba70b33
a176e33eb1d780ba6ad6d7ab13b4e23281d5ec10
9e692669b06c149708d673287fd1b8675b6a04e53ad6592d30880fba1a3de234
GET /syncframe?origin=rtus&topUrl=mahasinsaif.banouta.net HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=1b7639c8-dce6-45b9-af00-dc9da0313355; expires=Fri, 29 Dec 2023 21:59:25 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 813464
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.142200 OK 356 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.142:0
File type JSON data\012- , ASCII text, with very long lines (411), with no line terminators
Hash c5c53385885cbe5019bc9a0883ada37a
11571593695b3f0a2e025e178f410a6d9f5157ec
17e6f76a8b30aac49fbf6a105a73502a52d83c4243a21b51eca223a2a2b7c561
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 98736
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 9cfee58abf1ff4ea56cd0fe02a0eaa3b
bf412b651475a23a2539a80beb8fee45a139ffc3
3bc51e12ef2f154728ddcab5066477fb44ffb2837678942eac323b12fdce2651
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5293
Cache-Control: max-age=158012
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:59:25 GMT
Etag: "638cc9cc-13a"
Expires: Tue, 06 Dec 2022 17:52:57 GMT
Last-Modified: Sun, 04 Dec 2022 16:24:44 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 314
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 8.9 kB URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
Hash 0fe09f642ee64f148ebf05c04b8b29b6
39364896c86f69561ae2e8d208073a37fa1871d0
3d446a64c19762e8d035891c1ec0aba3dff9acb9c7c92f5bf743cdbd85002b86
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
x-crto-bundle: Nkjkq19hWjQ3MFpRdmRwT2RFSVJob2FINUVLQXc3dlJPdnhCQ2phYTZ2ejBlTndmN0M0MGslMkIwelVzSDF3OWsyRWRoUWZhekxQOUUlMkI0U1JqYXZmbXhYME4lMkJIa0s0R01PdEh5cU1SJTJCbWdiMzNMRmM1UzV4MmRiaWdpSCUyRkM2eEt4eHkycmRXM1pOeFBuU0dORHJwcUxxaHU0NTNBJTNEJTNE
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://mahasinsaif.banouta.net
server-processing-duration-in-ticks: 2045853
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
34.192.165.142200 OK 82 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP 34.192.165.142:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c12d660b239a82b0008377bc192e9849
613459bd63150ddc0abb8be40f65ce63e3283fd1
77c2013d08421893870ede37dd8a1c6230a8d83cf0484dc3e56356a2403e709d
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:24 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=98df345cb5d1482d8c56c05b2acd3120&zoneId=2308013&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=98df345cb5d1482d8c56c05b2acd3120&zoneId=2308013&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fa3609b46a8dc8b5ed7a2616cbcf7df2
e518cfe96f6c45f88d8f21a494fa763a98b7df52
0ede90cd67d27d84369db0d102d797a68f433e561388177b62e6ca2828d21389
GET /gid.js?pub=0&userId=98df345cb5d1482d8c56c05b2acd3120&zoneId=2308013&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Cookie: ID=97da9027b7b34218ac2d4a79db326995
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:29 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=97da9027b7b34218ac2d4a79db326995; expires=Mon, 04 Dec 2023 21:59:29 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
connect.topicit.net/scripts/connect.js
188.114.97.1200 OK 0 B URL HTTP/2 connect.topicit.net/scripts/connect.js
IP 188.114.97.1:0
GET /scripts/connect.js HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5437
access-control-allow-origin: *
etag: W/"5d653880-153d"
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 2811
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qdni6G%2BiJXzsDu5aRS7pl9Fm6X3J3Pwcegz1kpMwmQAabLLJOtuMohja2hVPc5RqZ1pKSmrR6FeqltxIGlF0QVW67BjjjnrOnAVNMQUUd6TDSuBkuZcNgEFDpwv8z7RyF559qVsH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7747cf0cadc0b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191166646&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1068572132&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
151.101.129.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191166646&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1068572132&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
IP 151.101.129.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191166646&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=1068572132&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1453
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:29 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191169.112087,VS0,VE42
vary: Accept-Encoding
X-Firefox-Spdy: h2
mahasinsaif.banouta.net/t3-topic
94.23.159.185200 OK 0 B URL HTTP/2 mahasinsaif.banouta.net/t3-topic
IP 94.23.159.185:0
GET /t3-topic HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:21 GMT
content-type: text/html; charset=windows-1256
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Sun, 04 Dec 2022 00:00:00 GMT
last-modified: Sun, 04 Dec 2022 21:59:21 GMT
vary: User-Agent
set-cookie: exadd=167020; expires=Mon, 05-Dec-2022 01:59:21 GMT; Max-Age=14400
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net
IP 178.250.0.157:0
GET /syncframe?origin=publishertag&topUrl=mahasinsaif.banouta.net HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=8ef61e43-aa82-47d6-a28d-81c9c1f86d7a; expires=Fri, 29 Dec 2023 21:59:22 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 534624
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=PG7pZl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPZ3RjZEJKVUZRVUdnNk9sUGpqTjclMkJ6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz; expires=Fri, 29 Dec 2023 21:59:22 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 290890
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
mahasinsaif.banouta.net/sw.js
94.23.159.185200 OK 0 B URL HTTP/2 mahasinsaif.banouta.net/sw.js
IP 94.23.159.185:0
GET /sw.js HTTP/1.1
Host: mahasinsaif.banouta.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/t3-topic
Connection: keep-alive
Cookie: exadd=167020; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D; _ga=GA1.2.146191530.1670191160; _gid=GA1.2.197279554.1670191160; _gat_gtag_UA_144347007_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2019 13:54:01 GMT
etag: W/"5d6535f9-1554"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
vidstatb.taboola.com/vid/blackScreen5.mp4
151.101.129.44206 Partial Content 0 B URL HTTP/2 vidstatb.taboola.com/vid/blackScreen5.mp4
IP 151.101.129.44:0
GET /vid/blackScreen5.mp4 HTTP/1.1
Host: vidstatb.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1497790207
server: AmazonS3
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gopM2XYfUoVUFmJXQ0440-QEF6IoAyvdLK0EUOquu3M35zK6ZGLwLg==
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
age: 246141
x-served-by: cache-bma1658-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 84623
x-timer: S1670191165.675810,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-range: bytes 0-90783/90784
content-length: 90784
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=undefined&cb=1670191161347&uv=3245&tms=1670191161347&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=46ecaaac-c879-42da-b5ae-c7ca423eab98&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
151.101.129.44200 OK 0 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=undefined&cb=1670191161347&uv=3245&tms=1670191161347&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=46ecaaac-c879-42da-b5ae-c7ca423eab98&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP 151.101.129.44:0
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&cmcv=&pix=undefined&cb=1670191161347&uv=3245&tms=1670191161347&abt=eidc_vB!mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=46ecaaac-c879-42da-b5ae-c7ca423eab98&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191164.819417,VS0,VE24
vary: Accept-Encoding
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191161364&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
151.101.129.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191161364&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
IP 151.101.129.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670191161364&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7LzQCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJDRbeRwOh8etMe6Wa9Fk5HBLXAuXW-PbOEyTzcphcQ6HQEKzlcfhcHjcGuNuuRZNRg63xLVwuTW-jcM02awcFudwChE3GQ6fg4Go6Hpb7A6n2fMGFDSdDp_rXq92GB2ep93zcNrsEofd7zo97HKX6S_6rEV_w9NjBwAAAICH____fwgAAACACAAAAAAJAAAAAIqAin8LgQsAAAAAjP___38NgE8Ogvec_f4AAAAAAAEAAAAgARhYDSgB-DhfOfn_________jxmgz7yR-f___78x6AF48AF4EAIAALgYOg5kYxHpI-ciKtAtYgQAAACwpaWieTSpEyqLqv___34rgCsAgADCbxPTvSzdQYm3MAAAgICxBXpY_H6zw67xu132_________2_2f_aPJvQ2ep0WxDJ6rfYLCACw9gsIAMCmbgAAbwFwQUfQisFgdQqxG84Wu9FsM5odAAAAwN3___-_HsiMZp6NZznZbIYLk2e12Jhcw4VtYfM4VwuPabbc3rTRaPCpZc9dX8RNhsPnYCAqut4Wu8Np9tyPoiXL3XK3Gk0Wo9FyudkNN6PB_gZisBrgRAyWy8lkMdmtRqvRZrgbzQYLFIjBBClasloul6vNZrXajRazwWY53GyQolWr2WgzGK5mk9lutxoOhsvRCClastwtd6vRZDEaLZeb3XAzGgwRphyLwWiyW7kVk4XJLZpZlmuJybFya4a7lcmwW7k8s4lb9PqYHsbZcmRxeFEwIGMvkqdFOpENZ5uJcWHYDFY222ozG3kGK8Nst5v5FqaZczaYiCWak0U6kV32ndHMs_EsJ5vNcGHyrBYbk2u4sC1sHudq4THNlvuWYzEYTXYrt2KyMLlFM8tyLTE5Vm7NcLcyGXYrl2c2cYteH9PDOFuOLA5_Y7YbLJaLxWyyb8x2g8VysZhN9h06w3f1ORudwfHEo7NOa9vdzuYwKFwGi_f3uUib0cbNqNKGLRbVtbhzTaw6bexk7BzMBoVveE0Mfz_189rN3g5ig0ERSwQX6UTmt7zeftPTb3crLBexRGm6SCd60Wct-hueHotYIjhdpBPRy3i6qP_IkIu5cjAXTeaK1WiVAAAAAAAAAACWMGfeBAAAAOA0kNFgM1yt80AGy8FuuVouAISzl-4PHu-8WGRh_C4rartSaI3ZR3Hjxw3mt7zeftPTb3crLFcGeKAmZ978mSDWarWsAQAABLABAAACuHXzFoDNxP_____HAQAAyMjRAwAAiO8DQR0r9MCNXvMT5GC1HA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1478
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191164.871047,VS0,VE47
vary: Accept-Encoding
X-Firefox-Spdy: h2
stootsou.net/pfe/current/universal.min.js?v=3.1.409
139.45.197.250200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/universal.min.js?v=3.1.409
IP 139.45.197.250:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.409 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mahasinsaif.banouta.net/
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-18c6c"
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&encoded=1&uid=e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670191160949&tagid=&cntry=NO&platform=1&sesid=34f3c392338ad351cd58a6afc95ac469&itemid=/t3-topic&viewid=1670191160411&geolat=&geoing=&deviceifa=&appid=&sd=v2_34f3c392338ad351cd58a6afc95ac469_e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba_1670191162_1670191162_CNawjgYQ3pxDGNu4mvnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=338152cbd1b0803fd908acae51e174ba&appname=&cdb=&gdprApplies=true&rid=&sii=-6005289198310562273&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9059
151.101.129.44200 OK 0 B URL HTTP/2 15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&encoded=1&uid=e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670191160949&tagid=&cntry=NO&platform=1&sesid=34f3c392338ad351cd58a6afc95ac469&itemid=/t3-topic&viewid=1670191160411&geolat=&geoing=&deviceifa=&appid=&sd=v2_34f3c392338ad351cd58a6afc95ac469_e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba_1670191162_1670191162_CNawjgYQ3pxDGNu4mvnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=338152cbd1b0803fd908acae51e174ba&appname=&cdb=&gdprApplies=true&rid=&sii=-6005289198310562273&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9059
IP 151.101.129.44:0
GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fmahasinsaif.banouta.net%2Ft3-topic&encoded=1&uid=e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670191160949&tagid=&cntry=NO&platform=1&sesid=34f3c392338ad351cd58a6afc95ac469&itemid=/t3-topic&viewid=1670191160411&geolat=&geoing=&deviceifa=&appid=&sd=v2_34f3c392338ad351cd58a6afc95ac469_e110427e-12ad-4f29-bd1e-387ed07ee36b-tucta869dba_1670191162_1670191162_CNawjgYQ3pxDGNu4mvnNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=338152cbd1b0803fd908acae51e174ba&appname=&cdb=&gdprApplies=true&rid=&sii=-6005289198310562273&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9059 HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1414
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:23 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191163.422860,VS0,VE31
vary: Accept-Encoding
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true
141.226.228.48200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
GET /sync?dast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
34.192.165.142200 OK 0 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP 34.192.165.142:0
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=CJt-m180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPajBwUndhdXhneWMyJTJCOWpucTZSdGpz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:59:25 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=0hpduF80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hYSDQ0YWl4ZnVpRSUyRkd2QXZJNFJPZ0NtN3IyOXBpJTJGNFJiMlVBVFd6aVlC; expires=Fri, 29 Dec 2023 21:59:25 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 333894
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
178.250.0.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.0.130:0
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Mon, 05 Dec 2022 21:59:22 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
stootsou.net/pfe/current/tag.min.js?z=2308013
139.45.197.250200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/tag.min.js?z=2308013
IP 139.45.197.250:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:59:22 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670191161867&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
151.101.129.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670191161867&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1
IP 151.101.129.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670191161867&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-112229282&tz=0&viewable=true&ddast=V7dCYCFgPuHicyQBVFVQTuHicyQBVFVQUAAAAGBuIHJOJariwj43Kt2Rg2a9HM4nJLLJ7hWuJZOAwjl81msy2MQEIuw8w1mSzcipVvsBYtF761wjSxuDUmw2RjmRlno-VyCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjegoOl0-Fz3erXD6PA87Z6H02aXOOx-1-lhl7tMf9FnLfobnh47AAAAADwAWL1lQvwAAgBEAAAAAEgAAAAAUARU_FsIXAAAAABgABiQXGgAfHIQvOfs9wcAQMMWCACAAAYJwMBqQAnAx_nKCQAAAAAAAAAAy____38MwB7WmAzAyP5OD8CDD8ADUYFhESMAAACALS0VzaNJnVBZVAEAEKRbAVwBAAQQfpugooQBAAAEjC3Qw-L3mx12jd_tMgAAAAAAAAAAs_-zfzSht9HrtCCW0Wu1X0AAgLVfQAAANnUDAHgLgAs6glYMBqtTiN1wttiNZpvR7AAAAADu_v____VAZjTzbDzLyWYzXJg8q8XG5BoubAubx7laeEyz5famjUaDTy177vo8hGX2-w4iludr-hsOMr7l9TaIiq63xe5wmj33o2jJcrfcrUaTxWi0XG52w81osL-BGKwGOBGD5XIyWUx2q9FqtBnuRrPBAgViMEGKlqyWy-Vqs1mtdqPFbLBZDjcbpGjVajbaDIar2WS2262Gg-FyNEKKlix3y91qNFmMRsvlZjfcjAZDhCnHYjCa7FZuxWRhcotmluVaYnKs3JrhbmUy7FYuz2ziFr0-podxthxZHF4UDMjYi-Aincj8ltfbb3r67W6F5SKWaE4W6UR22XdGM8_Gs5xsNsOFybNabEyu4cK2sHmcq4XHNFvuW47FYDTZrdyKycLkFs0sy7XE5Fi5NcPdymTYrVye2cQten1MD-NsObI4_I3ZbrBYLhazyb4x2w0Wy8ViNtl36Azf1edsdAbHE4_OOq1tdzubw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRnC7SiehlPF3EEsnTIp1oNsPFarKxmBwTw3CwmZmcg-HC43C5FivHbjRxWMQSpekinehFn7Xob3h6LOo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxXywWAcPbS_cHjnReLLIzfZUVtVwqtMfsobvy4wfyW19tvevrtboXlygAP1OTMmz0TxFqtljUAAIAANgAAQAC3bt4CsBm5faAnSr3wI1cKfoIcrJYD!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=eidc_vB!mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fmahasinsaif.banouta.net&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://mahasinsaif.banouta.net
Connection: keep-alive
Referer: https://mahasinsaif.banouta.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1406
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://mahasinsaif.banouta.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:59:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670191164.341139,VS0,VE42
vary: Accept-Encoding
X-Firefox-Spdy: h2